From owner-freebsd-current@FreeBSD.ORG Wed Dec 25 12:37:53 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A12BA618; Wed, 25 Dec 2013 12:37:53 +0000 (UTC) Received: from gromit.grondar.org (grandfather.grondar.org [IPv6:2a01:348:0:15:5d59:5c20:0:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6059E12B1; Wed, 25 Dec 2013 12:37:53 +0000 (UTC) Received: from [197.87.92.126] (helo=[192.168.0.6]) by gromit.grondar.org with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1VvniS-000Aur-P2; Wed, 25 Dec 2013 12:37:42 +0000 Subject: Re: [PATCH RFC] Disable save-entropy in jails Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\)) Content-Type: multipart/signed; boundary="Apple-Mail=_17113B37-5154-4D04-A822-FC5C92A4DA40"; protocol="application/pgp-signature"; micalg=pgp-sha512 From: Mark R V Murray In-Reply-To: <52BA2125.8050404@delphij.net> Date: Wed, 25 Dec 2013 14:37:17 +0200 Message-Id: <22790868-E1B1-4130-83DB-E5CD86DD40A4@grondar.org> References: <52B9F232.1090002@delphij.net> <278988C7-1749-413D-A5E2-ABE6753B3766@proper.com> <52BA1065.6000403@delphij.net> <52BA2125.8050404@delphij.net> To: d@delphij.net X-Mailer: Apple Mail (2.1827) X-SA-Score: -1.0 X-Mailman-Approved-At: Wed, 25 Dec 2013 12:59:49 +0000 Cc: "freebsd-security@freebsd.org" , Paul Hoffman , FreeBSD Current X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Dec 2013 12:37:53 -0000 --Apple-Mail=_17113B37-5154-4D04-A822-FC5C92A4DA40 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On 25 Dec 2013, at 02:04, Xin Li wrote: > No, we are not talking about removing /var/db/entropy. What I am > proposing to do is to disable entropy savings from jails. Here is = why: >=20 > The way a PRNG works is that it uses one or many entropy sources to > "feed" its internal state, and generate a series of pseudo-random > numbers from the internal state via a PRF. >=20 > FreeBSD collects entropy from several sources: Ethernet, interrupts, > software interrupts, etc., as well as hardware RNG that is available > to the system, and use all these entropy to derive the internal state > of its PRNG. >=20 > When reading from /dev/random, one essentially consumes entropy that > is fed into the random device, and eventually it would cause a reseed. > In an ideal world, we would want this to be less predicable and > controllable from a potential attacker. So far so good. :-) > Normal applications tends to read /dev/random in small bites, and do > so in a discrete and nearly random manner, assuming we have a lot of > processes running. Saving entropy, on the other hand, happen in > larger chunks at a determined time. With multiple jails running, one > would have a lot of big chunk reads from the /dev/random device, > making its behavior more deterministic, which could have bad = consequences. I doubt it goes as far as =93bad=94, but it certainly does no good. I would support the notion of not caching entropy in jails IFF this didn=92t leak out and prevent harvesting in the jail=92s host AND this gave a noticeable simplification of script code. M --=20 Mark R V Murray --Apple-Mail=_17113B37-5154-4D04-A822-FC5C92A4DA40 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQCVAwUBUrrRgd58vKOKE6LNAQqTmAP+PFDENFpW/rAJu2PFJBlYv+fexNFTiVG0 6IbkeollEsAOZc5mFI0ehdGzcohgw986usl7zxWSc0PntiIQNR2Z7VMEM3f9tZJy +bvxG3M2VlgMEmVwZqouuoZlz56f4CBQoi6x6FlNGDQWpErxDfvdj+ZiudpkKf3n 2NZW6fyD/PY= =OelK -----END PGP SIGNATURE----- --Apple-Mail=_17113B37-5154-4D04-A822-FC5C92A4DA40--